Unflappings

Came across the issue of having to install Server 2008 R2 (Windows 7 kernel, NOT Windows Server 2008 SP2) on a Dell PoweEdge 2950.  Server 2008 R2 wouldn’t proceed with the installation and was asking for a nonspecific driver.  After a large amount of trial and error, I finally decided to go about upgrading the firmware of the Dell Remote Administration Controller (DRAC)  to the latest revision. This then allowed the installation to continue without a problem, and all other drivers were found flawlessly.

So if you have a Dell PowerEdge 2950 with a DRAC version 5 controller card, give this a try when installing Windows Server 2008 R2.

Bold indicates a button clicked or key pressed.
“quotes” indicates a value which has been entered.

Grey block quote is a command typed directly into the console.

Manual Backup of Zimbra

1.Gain root shell access to the Zimbra box

#su

#’Your Password’

Stop Zimbra Services from running in order to perform a cold backup. This is necessary so the database and ZCS stay synced. Depending on your installation size,  your server may be down for up to 10 minutes. Generally, for a decent sized install with approximately 150 users, the server will only be down for 4-6 minutes.

#sudo -u zimbra /opt/zimbra/bin/zmcontrol stop

3.Make a backup directory and Sync Zimbra Directory to backup directoy

#cd /
#mkdir backup
#cd backup
#mkdir zimbra
#rsync -avHK /opt/zimbra/ /backup/zimbra

4.Restart Zimbra services

#sudo -u zimbra /opt/zimbra/bin/zmcontrol start

5.Create archived backup for offsite transfer via FTP

#tar -zcvf /tmp/mail.backup.gz -C /backup/zimbra .

6.Finally, send the archive backup to an FTP backup server. The username and password should be entered without any quotes.  In addition, replace IPADDRESS with your ftp server.

#ncftpput -u ’username -p ’password’ IPADDRESS /mail /tmp/mail.backup.gz

Bold indicates a button clicked or key pressed.
“quotes” indicates a value which has been entered.

Grey block quote is a command typed directly into the console.

Purpose

To keep track of the rate and frequency which processes use resources, enabling accounting is a good simple solution. It is very effective and can tell you were performance bottlenecks are in your machine.

Procedures

#touch /var/account/acct
#accton /var/account/acct
#echo ‘accounting_enable=”YES”‘ >> /etc/rc.conf
#lastcomm

The “lastcomm” command will allow you to view process accounting information.

Bold indicates a button clicked or key pressed.
“quotes” indicates a value which has been entered.

Grey block quote is a command typed directly into the console.

1. Edit /etc/inetd.conf and ensure that the following lines are commented out:

telnet stream tcp nowait root /usr/libexec/telnetd telnetd

telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd

Bold indicates a button clicked or key pressed.
“quotes” indicates a value which has been entered.

Grey block quote is a command typed directly into the console.

Procedures

#cd /usr/src/sys/i386/conf
#cp GENERIC MYKERNEL
#echo “options QUOTA” >> MYKERNEL
#cd /usr/src
#make buildkernel KERNCONF=MYKERNEL
#make installkernel KERNCONF=MYKERNEL
#reboot

Edit the /etc/fstab file and add “userquota,groupquota” to the /home filesystem line

Thats it.

Bold indicates a button clicked or key pressed.
“quotes” indicates a value which has been entered.

Grey block quote is a command typed directly into the console.

Purpose

If you have ever installed the snmpd package for Debian or Ubuntu and wondered why it did not bind to all active interfaces no matter what configuration you have, here is the solution.

Procedures

1. You need to modify the “/etc/defaults/snmpd” file and remove the reference to 127.0.0.1 in the startup command to allow it to fall back to defaults. This was put in as a security measure, but there are very valid reasons to remove it.
2. Change the following in the “/etc/defaults/snmpd” file.

SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′

SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid’

Bold indicates a button clicked or key pressed.
“quotes” indicates a value which has been entered.

Grey block quote is a command typed directly into the console.

Purpose

An SSL VPN provides a tunneled connection which may be authenticated using PKI, or shared secret credentials. It is helpful in the sense that all it needs to operate is TCP port 443 open for SSL traffic, which may work better with existing firewall situations.

Procedures

First a reference of IP addresses and interfaces is needed to make this go a bit smoother.

pfSense version 1.2.1
WAN Interface: 172.17.100.3/24
LAN Interface: 192.168.101.1/24

1. Loaded pfSense web interface by navigating to http://192.168.101.1/
2. Navigated to VPN tab then OpenVPN underneath that.
3. Clicked + symbol on right side of the blank table inside the server tab.
4. Set protocol to TCP
5. Placed a check in the box to assume dynamic IPs, so that DHCP clients can connect.
6. Used address pool of “10.0.8.0/24″ for VPN clients.
7. Selected BF-CBC (128-bit) cryptography.
8. Selected Shared Key as Authentication Method.
9. Inserted the shared key that was generate by the OpenVPN software which was generated on the client side.
10. Checked the box to enable LZO compression.
11. Entered “Client Access SSL” under Description.
12. Save

Client Configuration

1. Downloaded and installed OPenVPN and the OpenVPN GUI on client machine (Windows XP in this case).
2. Navigated to Programs->OpenVPN->Generate a static OpenVPN key
3. Clicked Enter to close the command prompt
4. Navigated to “C:\Program Files\OpenVPN\config”
5. Found “key.txt” and renamed to “client-access-vpn.key”
6. Navigated to “C:\Program Files\Open VPN\sample-config”
7. Copied the file “client.ovpn”
8. Navigated back to the “config” folder and pasted the “client.ovpn” file
9. Edited the file as seen below

remote 172.17.100.3
proto tcp-client
dev tun
tun-mtu 1500
ifconfig 10.0.8.2 10.0.8.1
secret client-access-vpn.key
ping 10
comp-lzo
verb 4
mute 1
route-delay 2
route-method exe
route 192.168.101.0 255.255.255.0 10.0.8.1

Client Connection

1. Navigated to Programs->OpenVPN->OpenVPN GUI
2. Right-clicked OpenVPN GUI icon
3. Clicked Connect